Vulnerability-Lookup

CVE-2017-2704 (GCVE-0-2017-2704)

Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 18:39

Summary

Severity ?

No CVSS data available.

CWE

Information Exposure

Assigner

huawei

References

URL

Tags

http://www.huawei.com/en/psirt/security-advisorie…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Huawei Technologies Co., Ltd.	Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder?¡§EMUI6.0??,HwPhoneFinder?¡§EMUI5.1??,HiCinema,HuaweiWear,HiHealthApp,	Affected: Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder EMUI6.0 9.3.0.310 and earlier versions,HwPhoneFinder EMUI5.1 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions,

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder?\u0026#xa1;\u0026#xa7;EMUI6.0??,HwPhoneFinder?\u0026#xa1;\u0026#xa7;EMUI5.1??,HiCinema,HuaweiWear,HiHealthApp,",
          "vendor": "Huawei Technologies Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder EMUI6.0 9.3.0.310 and earlier versions,HwPhoneFinder EMUI5.1 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions,"
            }
          ]
        }
      ],
      "datePublic": "2017-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Exposure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-22T18:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "DATE_PUBLIC": "2017-11-15T00:00:00",
          "ID": "CVE-2017-2704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder?\u0026#xa1;\u0026#xa7;EMUI6.0??,HwPhoneFinder?\u0026#xa1;\u0026#xa7;EMUI5.1??,HiCinema,HuaweiWear,HiHealthApp,",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder EMUI6.0 9.3.0.310 and earlier versions,HwPhoneFinder EMUI5.1 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei Technologies Co., Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2017-2704",
    "datePublished": "2017-11-22T19:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T18:39:09.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2704\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2017-11-22T19:29:00.723\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.\"},{\"lang\":\"es\",\"value\":\"Smarthome 1.0.2.364 y versiones anteriores, HiAPP 7.3.0.303 y anteriores, HwParentControl 2.0.0 y anteriores, HwParentControlParent 5.1.0.12 y anteriores, Crowdtest 1.5.3 y anteriores, HiWallet 8.0.0.301 y anteriores, Huawei Pay 8.0.0.300 y anteriores, Skytone 8.1.2.300 y anteriores, HwCloudDrive(EMUI6.0) 8.0.0.307 y anteriores, HwPhoneFinder(EMUI6.0) 9.3.0.310 y anteriores, HwPhoneFinder(EMUI5.1) 9.2.2.303 y anteriores, HiCinema 8.0.2.300 y anteriores, HuaweiWear 21.0.0.360 y anteriores y HiHealthApp 3.0.3.300 y anteriores tienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Las claves de cifrado est\u00e1n almacenadas en el sistema. El atacante puede utilizar ingenier\u00eda inversa para obtener las claves de cifrado, provocando una divulgaci\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.2.364\",\"matchCriteriaId\":\"FEF1E07C-5A28-4A01-B739-23EF517C6E11\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.3.0.303\",\"matchCriteriaId\":\"1036F83E-18BA-4560-B796-878F05D976F2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0\",\"matchCriteriaId\":\"AD364E0F-4CF9-481D-AAD1-696BEEF8CA9D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.0.12\",\"matchCriteriaId\":\"69572083-6CA3-4FCD-A8F7-460F184BE9A0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.3\",\"matchCriteriaId\":\"DD498317-5E9B-4605-A41C-AF411A3F0436\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.0.301\",\"matchCriteriaId\":\"D7ACF69D-3555-4989-A237-EA3F06575E04\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.0.300\",\"matchCriteriaId\":\"643D1BE6-9017-4DFE-A733-9772E06BAB5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.2.300\",\"matchCriteriaId\":\"8FC601A7-493E-4AE4-B26D-21B09CC31D3E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:hwclouddrive\\\\(emui6.0\\\\):*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.0.307\",\"matchCriteriaId\":\"6416700B-4AC4-40E1-AA67-070055AC810B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hwphonefinder\\\\(emui6.0\\\\):*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.3.0.310\",\"matchCriteriaId\":\"53B56850-D4CE-4679-B894-3F9F8237125A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hwphonefinder\\\\(emui5.1\\\\):*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.2.303\",\"matchCriteriaId\":\"4F537415-D418-48AE-ACFB-CD6F41073492\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hicinema:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.2.300\",\"matchCriteriaId\":\"279C86EF-784F-4B46-8E72-5DAFD02C1030\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:huaweiwear:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"21.0.0.360\",\"matchCriteriaId\":\"01416564-940A-4842-ADAC-0CA9F53890DB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huawei:hihealthapp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.3.300\",\"matchCriteriaId\":\"090BA6B7-A16E-4B26-A720-B70D95675369\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-2704

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2704

Aliases

CVE-2017-2704

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2704",
    "description": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.",
    "id": "GSD-2017-2704"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2704"
      ],
      "details": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.",
      "id": "GSD-2017-2704",
      "modified": "2023-12-13T01:21:05.818871Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "DATE_PUBLIC": "2017-11-15T00:00:00",
        "ID": "CVE-2017-2704",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder?\u0026#xa1;\u0026#xa7;EMUI6.0??,HwPhoneFinder?\u0026#xa1;\u0026#xa7;EMUI5.1??,HiCinema,HuaweiWear,HiHealthApp,",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder EMUI6.0 9.3.0.310 and earlier versions,HwPhoneFinder EMUI5.1 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions,"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei Technologies Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Exposure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.2.364",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.0.303",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.0.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.301",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.300",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.2.300",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:huawei:hwclouddrive\\(emui6.0\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.0.307",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hwphonefinder\\(emui6.0\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.3.0.310",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hwphonefinder\\(emui5.1\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.2.303",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hicinema:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.2.300",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:huaweiwear:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "21.0.0.360",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:hihealthapp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.3.300",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2017-2704"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-04-02T16:01Z",
      "publishedDate": "2017-11-22T19:29Z"
    }
  }
}

GHSA-6RF6-J58X-XVX2

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2704"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.",
  "id": "GHSA-6rf6-j58x-xvx2",
  "modified": "2022-05-13T01:27:27Z",
  "published": "2022-05-13T01:27:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2704"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-33957

Vulnerability from cnvd - Published: 2017-11-15

Title

多款Huawei产品信息泄露漏洞

Description

华为智能家居、华为应用市场、学生模式、家长助手、华为众测、钱包、支付、天际通、华为云服务、查找我的手机、华为视频、华为手环手机客户端、、健康业务客户端都是华为产品。多款Huawei产品存在信息泄露漏洞，由于加密密钥是存储在受影响产品软件中，攻击者可通过逆向工程获取加密密钥，导致信息泄露。

Severity

中

Patch Name

多款Huawei产品信息泄露漏洞的补丁

Patch Description

华为智能家居、华为应用市场、学生模式、家长助手、华为众测、钱包、支付、天际通、华为云服务、查找我的手机、华为视频、华为手环手机客户端、、健康业务客户端都是华为产品。多款Huawei产品存在信息泄露漏洞，由于加密密钥是存储在受影响产品软件中，攻击者可通过逆向工程获取加密密钥，导致信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-encryption-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-encryption-cn

Impacted products

Name
['Huawei 智能家居 <1.0.2.364', 'Huawei 华为应用市场 <7.3.0.303', 'Huawei 学生模式 <2.0.0', 'Huawei 家长助手 <5.1.0.12', 'Huawei 华为众测 <1.5.3', 'Huawei 钱包 <8.0.0.301', 'Huawei 支付 <8.0.0.300', 'Huawei 天际通 <8.1.2.300', 'Huawei 华为云服务 <8.0.0.307', 'Huawei 查找我的手机 <9.3.0.310', 'Huawei 查找我的手机 <9.2.2.303', 'Huawei 华为视频 <8.0.0.309', 'Huawei 华为手环手机客户端 <21.0.0.360', 'Huawei 健康业务客户端 <3.0.3.300']

Name

['Huawei 智能家居 <1.0.2.364', 'Huawei 华为应用市场 <7.3.0.303', 'Huawei 学生模式 <2.0.0', 'Huawei 家长助手 <5.1.0.12', 'Huawei 华为众测 <1.5.3', 'Huawei 钱包 <8.0.0.301', 'Huawei 支付 <8.0.0.300', 'Huawei 天际通 <8.1.2.300', 'Huawei 华为云服务 <8.0.0.307', 'Huawei 查找我的手机 <9.3.0.310', 'Huawei 查找我的手机 <9.2.2.303', 'Huawei 华为视频 <8.0.0.309', 'Huawei 华为手环手机客户端 <21.0.0.360', 'Huawei 健康业务客户端 <3.0.3.300']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2704"
    }
  },
  "description": "\u534e\u4e3a\u667a\u80fd\u5bb6\u5c45\u3001\u534e\u4e3a\u5e94\u7528\u5e02\u573a\u3001\u5b66\u751f\u6a21\u5f0f\u3001\u5bb6\u957f\u52a9\u624b\u3001\u534e\u4e3a\u4f17\u6d4b\u3001\u94b1\u5305\u3001\u652f\u4ed8\u3001\u5929\u9645\u901a\u3001\u534e\u4e3a\u4e91\u670d\u52a1\u3001\u67e5\u627e\u6211\u7684\u624b\u673a\u3001\u534e\u4e3a\u89c6\u9891\u3001\u534e\u4e3a\u624b\u73af\u624b\u673a\u5ba2\u6237\u7aef\u3001\u3001\u5065\u5eb7\u4e1a\u52a1\u5ba2\u6237\u7aef\u90fd\u662f\u534e\u4e3a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u7531\u4e8e\u52a0\u5bc6\u5bc6\u94a5\u662f\u5b58\u50a8\u5728\u53d7\u5f71\u54cd\u4ea7\u54c1\u8f6f\u4ef6\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u9006\u5411\u5de5\u7a0b\u83b7\u53d6\u52a0\u5bc6\u5bc6\u94a5\uff0c\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-encryption-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33957",
  "openTime": "2017-11-15",
  "patchDescription": "\u534e\u4e3a\u667a\u80fd\u5bb6\u5c45\u3001\u534e\u4e3a\u5e94\u7528\u5e02\u573a\u3001\u5b66\u751f\u6a21\u5f0f\u3001\u5bb6\u957f\u52a9\u624b\u3001\u534e\u4e3a\u4f17\u6d4b\u3001\u94b1\u5305\u3001\u652f\u4ed8\u3001\u5929\u9645\u901a\u3001\u534e\u4e3a\u4e91\u670d\u52a1\u3001\u67e5\u627e\u6211\u7684\u624b\u673a\u3001\u534e\u4e3a\u89c6\u9891\u3001\u534e\u4e3a\u624b\u73af\u624b\u673a\u5ba2\u6237\u7aef\u3001\u3001\u5065\u5eb7\u4e1a\u52a1\u5ba2\u6237\u7aef\u90fd\u662f\u534e\u4e3a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u7531\u4e8e\u52a0\u5bc6\u5bc6\u94a5\u662f\u5b58\u50a8\u5728\u53d7\u5f71\u54cd\u4ea7\u54c1\u8f6f\u4ef6\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u9006\u5411\u5de5\u7a0b\u83b7\u53d6\u52a0\u5bc6\u5bc6\u94a5\uff0c\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei \u667a\u80fd\u5bb6\u5c45 \u003c1.0.2.364",
      "Huawei \u534e\u4e3a\u5e94\u7528\u5e02\u573a \u003c7.3.0.303",
      "Huawei \u5b66\u751f\u6a21\u5f0f \u003c2.0.0",
      "Huawei \u5bb6\u957f\u52a9\u624b \u003c5.1.0.12",
      "Huawei \u534e\u4e3a\u4f17\u6d4b \u003c1.5.3",
      "Huawei \u94b1\u5305 \u003c8.0.0.301",
      "Huawei \u652f\u4ed8 \u003c8.0.0.300",
      "Huawei \u5929\u9645\u901a \u003c8.1.2.300",
      "Huawei \u534e\u4e3a\u4e91\u670d\u52a1 \u003c8.0.0.307",
      "Huawei \u67e5\u627e\u6211\u7684\u624b\u673a \u003c9.3.0.310",
      "Huawei \u67e5\u627e\u6211\u7684\u624b\u673a \u003c9.2.2.303",
      "Huawei \u534e\u4e3a\u89c6\u9891 \u003c8.0.0.309",
      "Huawei \u534e\u4e3a\u624b\u73af\u624b\u673a\u5ba2\u6237\u7aef \u003c21.0.0.360",
      "Huawei \u5065\u5eb7\u4e1a\u52a1\u5ba2\u6237\u7aef \u003c3.0.3.300"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170920-01-encryption-cn",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-21",
  "title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201711-0220

Vulnerability from variot - Updated: 2025-04-20 23:24

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. plural Huawei The product contains an information disclosure vulnerability.Information may be obtained. Huawei Smarthome, etc. are all products of China's Huawei (Huawei). Huawei Smarthome is a smart home management app. HiAPP is a dedicated technical knowledge consultant platform for Huawei mobile phones. Several Huawei products have an information disclosure vulnerability, which stems from the fact that the program stores encryption keys in the affected product software

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0220",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "skytone",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.1.2.300"
      },
      {
        "model": "hiapp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "7.3.0.303"
      },
      {
        "model": "crowdtest",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "1.5.3"
      },
      {
        "model": "hiwallet",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.0.0.301"
      },
      {
        "model": "hwphonefinder\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.3.0.310"
      },
      {
        "model": "hwphonefinder\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "9.2.2.303"
      },
      {
        "model": "smarthome",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "1.0.2.364"
      },
      {
        "model": "hwparentcontrolparent",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "5.1.0.12"
      },
      {
        "model": "hicinema",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.0.2.300"
      },
      {
        "model": "hwclouddrive\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.0.0.307"
      },
      {
        "model": "hwparentcontrol",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "2.0.0"
      },
      {
        "model": "huaweiwear",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "21.0.0.360"
      },
      {
        "model": "hihealthapp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "3.0.3.300"
      },
      {
        "model": "pay",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "8.0.0.300"
      },
      {
        "model": "crowdtest",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hiapp",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hicinema",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hihealthapp",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hiwallet",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "pay",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "huaweiwear",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hwclouddrive",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hwparentcontrol",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hwparentcontrolparent",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hwphonefinder",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "skytone",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "smarthome",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:huawei:crowdtest",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:hiapp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:hicinema",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:hihealthapp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:huawei:hiwallet",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:huawei_pay",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:huaweiwear",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:hwclouddrive_emui6.0",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:hwparentcontrol",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:hwparentcontrolparent",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:hwphonefinder_emui5.1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:huawei:skytone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:smarthome",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      }
    ]
  },
  "cve": "CVE-2017-2704",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-2704",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-110907",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-2704",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2704",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2704",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-2704",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-1013",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110907",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-2704",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure. plural Huawei The product contains an information disclosure vulnerability.Information may be obtained. Huawei Smarthome, etc. are all products of China\u0027s Huawei (Huawei). Huawei Smarthome is a smart home management app. HiAPP is a dedicated technical knowledge consultant platform for Huawei mobile phones. Several Huawei products have an information disclosure vulnerability, which stems from the fact that the program stores encryption keys in the affected product software",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2704"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2704",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-110907",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "id": "VAR-201711-0220",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110907"
      }
    ],
    "trust": 0.33809524
  },
  "last_update_date": "2025-04-20T23:24:51.255000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20170920-01-encryption",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
      },
      {
        "title": "Multiple Huawei Product information disclosure vulnerability repair measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76723"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2704"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2704"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-2704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2704"
      },
      {
        "date": "2017-12-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "date": "2017-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      },
      {
        "date": "2017-11-22T19:29:00.723000",
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110907"
      },
      {
        "date": "2020-04-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-2704"
      },
      {
        "date": "2017-12-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-2704"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei Information disclosure vulnerability in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010794"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1013"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-2704

Vulnerability from fkie_nvd - Published: 2017-11-22 19:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	smarthome	*
huawei	hiapp	*
huawei	hwparentcontrol	*
huawei	hwparentcontrolparent	*
huawei	crowdtest	*
huawei	hiwallet	*
huawei	huawei_pay	*
huawei	skytone	*
huawei	hwclouddrive\(emui6.0\)	*
huawei	hwphonefinder\(emui6.0\)	*
huawei	hwphonefinder\(emui5.1\)	*
huawei	hicinema	*
huawei	huaweiwear	*
huawei	hihealthapp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:smarthome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEF1E07C-5A28-4A01-B739-23EF517C6E11",
              "versionEndIncluding": "1.0.2.364",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hiapp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1036F83E-18BA-4560-B796-878F05D976F2",
              "versionEndIncluding": "7.3.0.303",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwparentcontrol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD364E0F-4CF9-481D-AAD1-696BEEF8CA9D",
              "versionEndIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwparentcontrolparent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69572083-6CA3-4FCD-A8F7-460F184BE9A0",
              "versionEndIncluding": "5.1.0.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:crowdtest:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD498317-5E9B-4605-A41C-AF411A3F0436",
              "versionEndIncluding": "1.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hiwallet:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7ACF69D-3555-4989-A237-EA3F06575E04",
              "versionEndIncluding": "8.0.0.301",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:huawei_pay:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "643D1BE6-9017-4DFE-A733-9772E06BAB5B",
              "versionEndIncluding": "8.0.0.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:skytone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC601A7-493E-4AE4-B26D-21B09CC31D3E",
              "versionEndIncluding": "8.1.2.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:hwclouddrive\\(emui6.0\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6416700B-4AC4-40E1-AA67-070055AC810B",
              "versionEndIncluding": "8.0.0.307",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwphonefinder\\(emui6.0\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B56850-D4CE-4679-B894-3F9F8237125A",
              "versionEndIncluding": "9.3.0.310",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hwphonefinder\\(emui5.1\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F537415-D418-48AE-ACFB-CD6F41073492",
              "versionEndIncluding": "9.2.2.303",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hicinema:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "279C86EF-784F-4B46-8E72-5DAFD02C1030",
              "versionEndIncluding": "8.0.2.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:huaweiwear:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01416564-940A-4842-ADAC-0CA9F53890DB",
              "versionEndIncluding": "21.0.0.360",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:hihealthapp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "090BA6B7-A16E-4B26-A720-B70D95675369",
              "versionEndIncluding": "3.0.3.300",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure."
    },
    {
      "lang": "es",
      "value": "Smarthome 1.0.2.364 y versiones anteriores, HiAPP 7.3.0.303 y anteriores, HwParentControl 2.0.0 y anteriores, HwParentControlParent 5.1.0.12 y anteriores, Crowdtest 1.5.3 y anteriores, HiWallet 8.0.0.301 y anteriores, Huawei Pay 8.0.0.300 y anteriores, Skytone 8.1.2.300 y anteriores, HwCloudDrive(EMUI6.0) 8.0.0.307 y anteriores, HwPhoneFinder(EMUI6.0) 9.3.0.310 y anteriores, HwPhoneFinder(EMUI5.1) 9.2.2.303 y anteriores, HiCinema 8.0.2.300 y anteriores, HuaweiWear 21.0.0.360 y anteriores y HiHealthApp 3.0.3.300 y anteriores tienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Las claves de cifrado est\u00e1n almacenadas en el sistema. El atacante puede utilizar ingenier\u00eda inversa para obtener las claves de cifrado, provocando una divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2017-2704",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-22T19:29:00.723",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-encryption-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2704 (GCVE-0-2017-2704)

GSD-2017-2704

GHSA-6RF6-J58X-XVX2

CNVD-2017-33957

VAR-201711-0220

FKIE_CVE-2017-2704

Tags

Sightings

Nomenclature